Global Catalog Registry Entries
kmohaan
The information here is provided as a reference for use in
troubleshooting or verifying that the required settings are applied.
It is recommended that you do not directly edit the registry unless
there is no other alternative. Modifications to the registry are not
validated by the registry editor or by Windows before they are
applied, and as a result, incorrect values can be stored. This can
result in unrecoverable errors in the system. When possible, use Group
Policy or other Windows tools, such as Microsoft Management Console
(MMC), to accomplish tasks rather than editing the registry directly.
If you must edit the registry, use extreme caution.
The following registry entries are associated with the global catalog.
NTDS Parameters:-
The following registry entries under HKEY_LOCAL_MACHINE\SYSTEM
\CurrentControlSet\Services\NTDS\Parameters control or contain
information about the configuration of the global catalog.
Global Catalog Promotion Complete:-
Registry path
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
Version:
Windows Server 2003:
Used for Install From Media. This entry is set in conjunction with the
domain controller setting its rootDSE attribute isGlobalCatalogReady
to TRUE, the Net Logon service on the domain controller registering
SRV resource records that specifically advertise the global catalog in
DNS, and the domain controller beginning to listen on port 3268.
Global Catalog Partition Occupancy:-
Registry path
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
Version:
Windows Server 2003
The requirement for read-only replicas that must be added (replication
partner established) or synchronized (replication completed), or both,
on the global catalog server before the server is advertised in DNS.
Lower occupancy levels specify varying levels of replication
completeness, including advertising in DNS when all read-only replicas
of only those domains represented in the domain controller’s site are
synchronized.
Version:
Windows 2000 Server with SP3 and later:
The occupancy level requires full synchronization of all read-only
replicas.
Version:
Windows 2000 Server with Service Pack (SP) 2 and earlier:
The occupancy level requires only the replicas of domains in the
site.
Global Catalog Delay Advertisement:-
Registry path
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
Version:
Windows Server 2003, Windows 2000 Server
Overrides the requirements set in Global Catalog Partition Occupancy
entry and allows global catalog advertisement without requiring full
synchronization of all read-only replicas. If you do not set this
value, checking for synchronized read-only partitions continues to
occur at 30-minute intervals until the requirements are met.
Cached Membership Site Stickiness (minutes):-
Registry path
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters\
Version:
Windows Server 2003
The maximum time during which an account’s cached membership can be
refreshed automatically without the account having to log on in this
site. The default value is one-half the value of the account’s site
affinity setting, which is 180 days by default. If the account has not
logged on in more than 90 days, the account’s group membership cache
expires and must be reinstated at the next logon by contacting a
global catalog server.
Cached Membership Staleness (minutes):-
Registry path
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters\
Version:
Windows Server 2003
The maximum staleness to tolerate when using a cached group
membership. The default value is one week. If the cached membership
age is greater than this interval and no global catalog server is
available, the logon fails. If no value is present, the default value
is used.
Cached Membership Refresh Interval (minutes):-
Registry path
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters\
Version:
Windows Server 2003
The frequency of automatic cache refresh. The default value is eight
hours. If no value is present, the default value is used.
Cached Membership Refresh Limit:-
Registry path
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters\
Version:
Windows Server 2003
The maximum number of user and computer accounts that are refreshed
during a group membership cache refresh.
SamNoGcLogonEnforceKerberosIpCheck:-
Registry path
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
Version:
Windows Server 2003
By default, allows site affinity to be tracked for Kerberos logons
that originate outside the site. This setting only applies to Kerberos
logons; it will not affect site affinity caching for NTLM logons from
different sites.
SamNoGcLogonEnforceNTLMCheck:-
Registry path
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
Version:
Windows Server 2003
A value of 1 configures Security Accounts Manager (SAM) to not give
site affinity to NTLM logon requests that are network logon requests;
it may not prevent caching for other logon types.
NTDS Diagnostics:-
The following registry entry under HKEY_LOCAL_MACHINE\SYSTEM
\CurrentControlSet\Services\NTDS\Diagnostics control the logging level
for the component or process that is specified in the entry name.
Global Catalog:-
Registry path
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics
Version:
Windows Server 2003, Windows 2000 Server
The logging level for the global catalog on the domain controller. The
value is set to an integer from 0 (no logging) through 5 (most verbose
logging).
20 Group Caching:-
Registry path
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics
Version:
Windows Server 2003
The logging level for Universal Group Membership Caching on a domain
controller in a site where this feature is enabled. The value is set
to an integer from 0 (no logging) through 5 (most verbose logging).
Significant events are reported at logging level 2. with many
additional events reported at logging level 5.
Shivramkrishnan
Dear Friends,
I was holding a setup with ADS and Exchange Server, where the ADS is windows 2003 enterprise edition (32bit) and Exchange server 2003.
All of sudden due to hardware failure our exchange server got crashed am bound to reinstall the same with new hardware. Now I have installed the same and connected to my domain setup. But unfortunately all the services were getting started but exchange is not working.
When I dig some info on ADS , found that those old exchange server info is also there. Am trying clear those, which is not getting cleared totally.
Came someone tell me how to make the new exchange server get registered on the ADS, by clearing the old ?
Thanks & Regards
Sivaramakrishnan K | BakBone
Software | System Engineer South India | direct +91 80 4148 5031 | tel/fax +91 80 4148
5030 | mobile +91 98861 60819 | shiv...@bakbone.com
Disclaimer: This correspondence is for the named
person's use only. It may contain confidential or legally privileged
information or both. No confidentiality or privilege is waived or lost by any
mistransmission. If you receive this correspondence in error, please
immediately delete it from your system and notify the sender. You must not
disclose, copy or rely on any part of this correspondence if you are not the
intended recipient.
Selva Raj
Hi Siva,
If you have backups for exchange database, you can recover it. If
services are not started, what is the error your getting. Check
your event viewer for the error logs. Can you let me know on the errors?
- Selva
Shivramkrishnan
Dear Selva,
Thanks for the effort on helping. Beingg that was a urgent scenario and the problem was related to ADS. We have reinstalled the ADS and installed again the exchange server.
We came to know the problem occurred was due to administrator account was in use with old exchange server and which is causing the trouble. With the new setup, we were using a new user created for exchange server purpose with admin rights.
Now we are planning to incorporate one more exchange server on the same setup, can anyone guide me on this ?
Regards
Sivaram